Fix audit timeline app names and stabilize backend tests

2026-02-06 11:26:59 +09:00
parent 62b5bdba76
commit 66e1ed1e72
8 changed files with 448 additions and 301 deletions
--- a/backend/internal/handler/auth_handler.go
+++ b/backend/internal/handler/auth_handler.go
@@ -3079,11 +3079,25 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
 		path := strings.ToLower(extractAuditPath(log))
 		if strings.Contains(path, "/api/v1/auth/oidc/login/accept") {
 			appName = "OIDC 로그인"
-			loginChallenge := extractLoginChallengeFromAuditDetails(log.Details)
-			if loginChallenge != "" {
-				if info, ok := resolveLoginClient(loginChallenge); ok {
-					appName = info.Name
-					clientID = info.ClientID
+			// 우선 audit details의 client 정보를 사용하고, 없으면 Hydra 조회로 보강
+			if details, err := parseAuditDetails(log.Details); err == nil && details != nil {
+				if name, ok := details["client_name"].(string); ok && strings.TrimSpace(name) != "" {
+					appName = strings.TrimSpace(name)
+				}
+				if cid, ok := details["client_id"].(string); ok && strings.TrimSpace(cid) != "" {
+					clientID = strings.TrimSpace(cid)
+					if appName == "OIDC 로그인" {
+						appName = clientID
+					}
+				}
+			}
+			if appName == "OIDC 로그인" {
+				loginChallenge := extractLoginChallengeFromAuditDetails(log.Details)
+				if loginChallenge != "" {
+					if info, ok := resolveLoginClient(loginChallenge); ok {
+						appName = info.Name
+						clientID = info.ClientID
+					}
 				}
 			}
 		}
@@ -3586,11 +3600,26 @@ func (h *AuthHandler) AcceptOidcLoginRequest(c *fiber.Ctx) error {

 	// Check if the client is active
 	loginReq, err := h.Hydra.GetLoginRequest(c.Context(), req.LoginChallenge)
-	if err == nil && loginReq != nil && loginReq.Client.Metadata != nil {
-		if status, ok := loginReq.Client.Metadata["status"].(string); ok {
-			if strings.ToLower(status) == "inactive" {
-				slog.Warn("Login rejected for inactive client in AcceptOidcLoginRequest", "client_id", loginReq.Client.ClientID)
-				return fiber.NewError(fiber.StatusForbidden, "The client application is disabled.")
+	if err == nil && loginReq != nil {
+		// Audit 상세 정보 보강: OIDC 로그인 시점에 client 정보를 저장
+		clientID := strings.TrimSpace(loginReq.Client.ClientID)
+		if clientID != "" {
+			clientName := strings.TrimSpace(loginReq.Client.ClientName)
+			if clientName == "" {
+				clientName = clientID
+			}
+			c.Locals("audit_details_extra", map[string]any{
+				"client_id":   clientID,
+				"client_name": clientName,
+			})
+		}
+
+		if loginReq.Client.Metadata != nil {
+			if status, ok := loginReq.Client.Metadata["status"].(string); ok {
+				if strings.ToLower(status) == "inactive" {
+					slog.Warn("Login rejected for inactive client in AcceptOidcLoginRequest", "client_id", loginReq.Client.ClientID)
+					return fiber.NewError(fiber.StatusForbidden, "The client application is disabled.")
+				}
 			}
 		}
 	}